Merge pull request #192 from aws-samples/feat/union-pattern

add union pattern

Author: shapirov103

.github/workflows/ci.yaml

@@ -12,18 +12,18 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [18]
+        node-version: [22]
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: ${{ matrix.node-version }}
 
     - name: Cache node modules
-      uses: actions/cache@v2
+      uses: actions/cache@v5
       env:
         cache-name: cache-node-modules
       with:
@@ -48,4 +48,4 @@ jobs:
       run: make list
 
     - name: Run CDK Synth
-      run: make test-all
+      run: make test-all

.github/workflows/markdown-link-check.yaml

@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: '18.x'
+          node-version: '20.x'
       - name: install markdown-link-check
         run: npm install -g markdown-link-check@3.10.2
       - name: markdown-link-check version

bin/unionai.ts

@@ -0,0 +1,8 @@
+import UnionDataplaneConstruct from '../lib/union-dataplane-construct';
+import { configureApp, errorHandler } from '../lib/common/construct-utils';
+
+const app = configureApp();
+
+new UnionDataplaneConstruct().buildAsync(app, 'union-ai-datplane').catch((e) => {
+    errorHandler(app, "Union Dataplane Construct pattern is not setup due to missing secrets for Union client. See Union Dataplane Construct in the readme for instructions", e);
+});

docs/patterns/union.md

@@ -0,0 +1,136 @@
+# Union.ai on EKS Pattern
+
+Union.ai empowers AI development teams to rapidly ship high-quality code to production by offering optimized performance, resource efficiency, and workflow authoring experience. With Union.ai your team can:
+
+- Run complex AI workloads with performance, scale, and efficiency.
+- Scale out to multiple regions, clusters, and clouds as needed for resource availability, scale, or compliance.
+
+Union.ai’s modular architecture allows for great flexibility and control. The customer can decide how many clusters to have, their shape, and who has access to what. All communication is encrypted.
+
+<p align="center">
+  <a href="https://www.union.ai">
+    <img alt="Union Self-managed Architecture" src="https://www.union.ai/docs/v1/selfmanaged/_static/images/deployment/architecture.svg" width="600" />
+  </a>
+</p>
+
+
+## Prerequisites
+
+Ensure that you have installed the following tools on your machine:
+
+- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) (also ensure it is [configured](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html#getting-started-quickstart-new))
+- [cdk](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html#getting_started_install)
+- [npm](https://docs.npmjs.com/cli/v8/commands/npm-install)
+- [tsc](https://www.typescriptlang.org/download)
+- [make](https://www.gnu.org/software/make/)
+- uctl
+
+### Installing `uctl`
+
+On Mac:
+```bash
+brew tap unionai/homebrew-tap
+brew install uctl
+```
+
+With cURL:
+```bash
+curl -sL https://raw.githubusercontent.com/unionai/uctl/main/install.sh | bash
+```
+
+## Deployment
+
+### Setup Union Credentials
+
+Both the control plane URL and cluster name will be provided by Union.  Union will also provide authentication information for your account to access the hosted control plane.
+
+```bash
+export UNION_CONTROL_PLANE_URL=<YOUR_UNION_CONTROL_PLANE_URL>
+export UNION_CLUSTER_NAME=<YOUR_SELECTED_CLUSTER_NAME>
+export UNION_ORG_NAME=<YOUR_SELECTED_ORG_NAME>
+
+uctl config init --host=$UNION_CONTROL_PLANE_URL
+uctl selfserve provision-dataplane-resources --clusterName $UNION_CLUSTER_NAME --provider aws
+```
+
+This command will output the ID, name, and secret used by Union services to communicate with the control plane.
+
+### Create Union Secrets in AWS Secrets Manager
+
+```bash
+export UNION_SECRET_NAME=union-secret
+aws secretsmanager create-secret --name $UNION_SECRET_NAME \
+  --secret-string "{\"host\":\"$UNION_CONTROL_PLANE_URL\",\"clusterName\":\"$UNION_CLUSTER_NAME\",\"orgName\":\"$UNION_ORG_NAME\"}"
+
+export UNION_CLIENT_SECRET_NAME=union-client-secret
+export UNION_CLIENT_ID_SECRET_VALUE=<CLUSTERAUTHCLIENTID_FROM_SELFSERVE_COMMAND>
+export UNION_SECRET_SECRET_VALUE=<CLUSTERAUTHCLIENTSECRET_FROM_SELFSERVE_COMMAND>
+
+aws secretsmanager create-secret --name $UNION_CLIENT_SECRET_NAME \
+  --secret-string "{\"clientId\":\"$UNION_CLIENT_ID_SECRET_VALUE\",\"clientSecret\":\"$UNION_SECRET_SECRET_VALUE\"}"
+```
+
+### Clone the repository:
+
+```sh
+git clone https://github.com/aws-samples/cdk-eks-blueprints-patterns.git
+cd cdk-eks-blueprints-patterns
+```
+
+### Run the following commands:
+
+```sh
+make deps
+make build
+make pattern unionai deploy
+```
+
+### Validation
+
+Run the command:
+```bash
+kubectl get deploy -A
+```
+
+Output should be:
+```bash
+NAMESPACE     NAME                                                  READY   UP-TO-DATE   AVAILABLE   AGE
+kube-system   blueprints-addon-metrics-server                       1/1     1            1           57d
+kube-system   blueprints-addon-union-dataplane-kube-state-metrics   1/1     1            1           57d
+unionai       executor                                              1/1     1            1           57d
+unionai       flytepropeller                                        1/1     1            1           57d
+unionai       flytepropeller-webhook                                1/1     1            1           57d
+unionai       opencost                                              1/1     1            1           57d
+unionai       prometheus-operator                                   1/1     1            1           57d
+unionai       syncresources                                         1/1     1            1           57d
+unionai       union-operator                                        1/1     1            1           57d
+unionai       union-operator-proxy                                  1/1     1            1           57d
+```
+
+To validate the cluster has been successfully registered to the Union control plane run the command:
+```bash
+uctl get cluster
+```
+
+Output should be:
+```bash
+ ----------- ------- --------------- -----------
+| NAME      | ORG   | STATE         | HEALTH    |
+ ----------- ------- --------------- -----------
+| <cluster> | <org> | STATE_ENABLED | HEALTHY   |
+ ----------- ------- --------------- -----------
+1 rows
+```
+
+### 8. Register and run example workflows
+
+```bash
+uctl register examples --project=union-health-monitoring --domain=development
+uctl validate snacks --project=union-health-monitoring --domain=development
+ ---------------------- ----------------------------------- ---------- -------------------------------- -------------- ----------- ---------------
+| NAME                 | LAUNCH PLAN NAME                  | VERSION  | STARTED AT                     | ELAPSED TIME | RESULT    | ERROR MESSAGE |
+ ---------------------- ----------------------------------- ---------- -------------------------------- -------------- ----------- ---------------
+| alskkhcd6wx5m6cqjlwm | basics.hello_world.hello_world_wf | v0.3.341 | 2025-05-09T18:30:02.968183352Z | 4.452440953s | SUCCEEDED |               |
+ ---------------------- ----------------------------------- ---------- -------------------------------- -------------- ----------- ---------------
+1 rows
+```

lib/common/construct-utils.ts

@@ -36,6 +36,11 @@ export async function prevalidateSecrets(pattern: string, region?: string, ...se
     }
 }
 
+export function getJsonSecret(secretString: string, key?: string): string {
+    const parsed = JSON.parse(secretString);
+    return key ? parsed[key] : parsed;
+}
+
 export class EmptyStack extends cdk.Stack {
     constructor(scope: cdk.App, ...message: string[]) {
         super(scope, "empty-error-stack");

lib/kubeshark-construct/index.ts

@@ -11,7 +11,7 @@ export default class KubesharkConstruct {
         EksBlueprint.builder()
             .account(process.env.CDK_DEFAULT_ACCOUNT!)
             .region(process.env.CDK_DEFAULT_REGION)
-            .addOns(new KubesharkAddOn())
+            .addOns(new KubesharkAddOn({repository: "https://helm.kubeshark.com"}))
             .version('auto')
             .build(scope, stackId);
     }

lib/union-dataplane-construct/index.ts

@@ -0,0 +1,80 @@
+import * as cdk from 'aws-cdk-lib';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+import * as union from '@unionai/union-eks-blueprints-addon';
+import { prevalidateSecrets, getJsonSecret } from '../common/construct-utils';
+
+const BUCKET_PROVIDER_NAME = "union-s3-bucket";
+
+export default class UnionDataplaneConstruct {
+    async buildAsync(scope: cdk.App, id: string) {
+
+        await prevalidateSecrets(UnionDataplaneConstruct.name, undefined,  "union-client-secret", "union-secret");
+        const unionSecretString = await blueprints.utils.getSecretValue("union-secret", process.env.CDK_DEFAULT_REGION!);
+
+        const unionConfig: union.UnionDataplaneAddOnProps = {
+            orgName: getJsonSecret(unionSecretString, "orgName"),
+            unionSecretName: "union-client-secret",
+            clusterName: getJsonSecret(unionSecretString, "clusterName"),
+            s3BucketProviderName: BUCKET_PROVIDER_NAME,
+            host: getJsonSecret(unionSecretString, "host"),
+        };
+
+        const stackId = `${id}-blueprint`;
+
+        const nodeClassSpec: blueprints.Ec2NodeClassV1Spec = {
+            amiFamily: "Bottlerocket",
+            amiSelectorTerms: [
+                { alias: "bottlerocket@1.50.0" }, // alias allows to specify ami family and version. @latest also supported
+            ],
+            subnetSelectorTerms: [
+                { tags: { Name: `${stackId}/${stackId}-vpc/PrivateSubnet*` } },
+            ],
+            securityGroupSelectorTerms: [
+                { tags: { "aws:eks:cluster-name": `${stackId}` } },
+            ],
+        };
+
+        const nodePoolSpec: blueprints.NodePoolV1Spec = {
+            labels: { type: "karpenter-test" },
+            requirements: [
+                { key: "node.kubernetes.io/instance-type", operator: "In", values: ["m5.2xlarge", "m5.xlarge"] },
+                {
+                    key: "topology.kubernetes.io/zone",
+                    operator: "In",
+                    values: [`${process.env.CDK_DEFAULT_REGION}a`, `${process.env.CDK_DEFAULT_REGION}b`],
+                },
+                { key: "kubernetes.io/arch", operator: "In", values: ["amd64"] },
+                { key: "karpenter.sh/capacity-type", operator: "In", values: ["on-demand"] },
+            ],
+            expireAfter: "20m",
+            disruption: { consolidationPolicy: "WhenEmpty", consolidateAfter: "30s" },
+            limits: { cpu: 400 }
+        };
+
+
+        const addOns: Array<blueprints.ClusterAddOn> = [
+            new blueprints.addons.MetricsServerAddOn,
+            new blueprints.addons.VpcCniAddOn,
+            new blueprints.addons.KubeProxyAddOn,
+            new blueprints.addons.CoreDnsAddOn,
+            new blueprints.addons.EksPodIdentityAgentAddOn,
+            new blueprints.addons.KarpenterV1AddOn({
+                ec2NodeClassSpec: nodeClassSpec,
+                nodePoolSpec: nodePoolSpec,
+                interruptionHandling: true,
+                podIdentity: true
+            }),
+            new union.UnionDataplaneCRDsAddOn,
+            new union.UnionDataplaneAddOn(unionConfig)
+        ];
+        blueprints.EksBlueprint.builder()
+            .account(process.env.CDK_DEFAULT_ACCOUNT)
+            .region(process.env.CDK_DEFAULT_REGION)
+            .resourceProvider(BUCKET_PROVIDER_NAME, new blueprints.CreateS3BucketProvider({ name: `union-bucket-${process.env.CDK_DEFAULT_ACCOUNT!}`, id: "union-bucket" }))
+            .addOns(...addOns)
+            .version('auto')
+            .build(scope, stackId);
+    }
+}
+
+

mkdocs.yml

@@ -51,6 +51,7 @@ nav:
     - Graviton Pattern: 'patterns/graviton.md'
     - Windows Pattern: 'patterns/windows.md'
     - gMaestro Pattern: 'patterns/gmaestro.md'
+    - Union.ai Pattern : 'patterns/union.md'
 markdown_extensions:
   - def_list
   - pymdownx.highlight

package.json

@@ -24,7 +24,7 @@
     "typescript": "^5.3.3"
   },
   "dependencies": {
-    "@aws-quickstart/eks-blueprints": "1.16.3",
+    "@aws-quickstart/eks-blueprints": "1.17.4",
     "@aws-sdk/client-config-service": "^3.576.0",
     "@aws-sdk/client-eks": "^3.478.0",
     "@claranet-ch/konveyor-eks-blueprint-addon": "^1.0.2",
@@ -40,18 +40,18 @@
     "@paralus/paralus-eks-blueprints-addon": "^0.1.5",
     "@rafaysystems/rafay-eks-blueprints-addon": "^0.0.2",
     "@snyk-partners/snyk-monitor-eks-blueprints-addon": "^1.1.1",
-    "aws-cdk": "2.173.4",
-    "aws-cdk-lib": "2.173.4",
+    "@unionai/union-eks-blueprints-addon": "^0.0.5",
+    "aws-cdk": "2.1029.2",
+    "aws-cdk-lib": "2.215.0",
     "eks-blueprints-cdk-kubeflow-ext": "0.1.9",
     "kubeshark": "^0.0.9",
     "source-map-support": "^0.5.21"
   },
   "overrides": {
-    "@aws-quickstart/eks-blueprints": "1.16.3",
-    "aws-cdk": "2.173.4",
-    "aws-cdk-lib": "2.173.4",
+    "@aws-quickstart/eks-blueprints": "1.17.4",
+    "aws-cdk": "2.1029.2",
+    "aws-cdk-lib": "2.215.0",
     "xml2js": "0.5.0",
-    "@aws-cdk/core": "../_EXCLUDED_",
     "axios": "^1.6.2"
   }
 }